US spares Internet code-master

Click to follow
The Independent Online

Science Correspondent

After three years' investigation, a US district attorney has decided not to prosecute Philip Zimmermann, who wrote a piece of encryption software now widely used in cyberspace to keep messages secret.

It is so effective that the US classifies it as a munition and bans its export without a licence, the penalty for which is a maximum jail term of 51 months.

Mr Zimmermann, to whom the decision was faxed on Monday, said he was "ecstatic". Internet users adopted his program, Pretty Good Privacy (PGP), to make private messages and files uncrackable and to give their public messages a unique electronic "signature".

The decision could help US companies which have been urging the government to let them compete with rivals already selling encryption packages like PGP. Washington had resisted their calls but wide availability of a free uncrackable encryption program will make their case hard to deny.

Mr Zimmermann was never charged but had been under investigation since 1993 by Michael Yamaguchi, US district attorney in San Francisco, after copies of PGP became widely available on the Internet.

It was copied to the Internet by a friend of Mr Zimmermann who sent it to computer bulletin boards from his laptop over public payphones. Almost simultaneously, it was rumoured that the US government would soon outlaw such "strong encryption". However, Mr Yamaguchi said he would not be prosecuting any individuals following the investigation.

PGP uses a technique that is easy to perform with a standard PC, yet impossible to crack with even the most powerful systems. It starts from two large prime numbers, which are used to produce the "public" and "private" keys. Each program user generates his or her own pair of keys and then makes the public key available to anyone. To encrypt a message the sender uses his private key and the receiver's public key.

The message can only be decrypted by the intended receiver. To an interceptor, such as a US government official, the content is a meaningless jumble of numbers. However, there have been claims that though PGP can have positive uses, it also appeals to criminals.